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IN THE SPECIFICATION ; 

Please substitute the attached substitute specification the specification originally submitted with 
the application. Additk anally, the following illustrates a markup version or the specification: 

S ECURITY AND AUTHORIZATION DEVELOPMENT TOOLS 

SRTJ IRITY AND AUTHORIZATION DEVELOPMENT TOOLS 

BACKGROUND OF THE INVEN TION 

BACKGROUND OF THE INVENTION 



Field of the Inventio n 

Field of the Invention 

{0001} [00011 llie present invention generally relates to information systems and, more 
particularly, to database management systems for security and authorization development tools. 

Description of the Related *4 * t 
Description of the Related Art 



{0003} [0002] Conventional database management systems utilizing a relational (related) 
database for storing and accessing information relevant to a particular application are wcll- 
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known in the art. These relational databases axe typically designed such that information can be 
stored in one particular file that relates to information stored in another file within the same 
database system. A database system may be comprised of files accessible over communication 
networks as well as locally. Information stored in related files allow for the quick retrieval of 
more complex information than would otherwise be possible, such as information continuously 
updated in a database system. Information stored in such a database provides a convenient 
method for authorized users to retrieve information by typing in a query with knowledge of the 
underlying format, 

{©003} [00031 Moreover, conventional database systems maintain their data in a durable 
storage mechanism such as a disk drive. Usually, the database system will also have a non- 
durable copy of an active portion of the database in a volatile memory cache wherein the data in 
the volatile memory cache can be rapidly accessed, but can also be destroyed and lost in the 
event of a system crash, program failure, power surge or similar abnormal termination. Tn order 
to maintain the integrity of the database, updates to the database system must be guaranteed to be 
stored, i.e., committed, in the durable storage 
mechanism. 

{0004} r00041 One application for database systems is workflow systems, Workflow 
systems effect business processes by controlling the scheduling and parameters of activities, 
acquiring their results, and using the results in determining other activities to be run. A business 
process is a description of the sequencing, timing, dependency, data, physical agent allocation, 
business rule, and organization policy enforcement requirements of business activities needed to 
enact work. Most workflow systems utilize relational, object-oriented, network or hierarchical 
database management systems to store data relating to the business process. 
10/015,256 3 
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(0005] rOOOSl In general, workflow systems perform a wide range of tasks. For example, 
they can provide a method for defining and managing the flow of a work process or support the 
definition of resources Jind their attributes. Additionally, workflow systems can assign resources 
to work, determine which steps will be next executed within a work process, when they will be 
executed, and can ensure that the workflow process continues until proper termination. 
Furthermore, workflow systems can notify resources about pending work and enforce 
administrative policies such as tracking execution and support user inquiries of status, 

{0006} [00061 Oftentimes it is useful for some workflow process applications to have 
access to historical data regarding data changes within the system. Historical data takes the form 
of an audit trail for completed workflow processes and is useful to the collection of statistical 
data for process and resource bottleneck analysis, flow optimization and automatic workload 
balancing, 

{0007} [0007] Since data in a workflow system represents work that needs to be done or 
has already been done, the database generally needs to provide a high degree of reliability. Loss 
of the data related to a completed work event can mean the loss of the work performed by the 
work event. It is also quite useful tor some applications to provide convenient access to 
historical data from the system. 

{OOOft) [00081 In modern data processing environments, a client's data is often distributed 
among a plurality of heterogeneous database systems. Heterogeneous database systems are 
database systems that have different data definition and manipulation procedures, security 
procedures, system management approaches, capabilities, etc. Examples of heterogeneous 
database systems include DB2® available from IBM, Armonk, NY, USA; Oracle®, available 
from Oracle Corp., Redwood Shores, CA, USA; and Sybase®, available from Sybase Inc., 
10/015,256 4 
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Emeryville , CA, USA, etc. Such heterogeneous database systems, when used together, 
» 

collectively represent a heterogeneous, distributed database environment (or system). 
Heterogeneous, distributed database systems are also sometimes called federated database 
systems and/or multi-dutabase systems. 

t©0091 ro0091 In order to enhance user-friendliness, it is preferred that clients be provided 
with a common interface to all of the heterogeneous database systems. In other words, it is 
preferred that clients b<- under the illusion that they are interacting within a single database 
system* 

{OMO} rOOlO] However, one of the inherent weaknesses of the conventional database 
systems is the inability to provide updated tracking and status guidelines and progression of 
ongoing projects as they occur in a multi-level corporate environment, and in the security and 
authorization environment, in particular. Moreover, there remains a need for a new and 
improved database system to track software and hardware fulfillment development and software 
and hardware fulfillment production, and to communicate any modifications of these operations 
Ui user profiles as they pertain to new functional releases of software programs. Furthermore, 
there is a need to consolidate the data used in the development of software programs in order to 
provide lor a more efficient auditing procedure, and to ensure that access to software 
development-related data remains secure, and access to such data is limited to those on a need- 
to-know basis. 

SUMMARY OF THE INVENTION 

SUMMARY OF THE INVENTION 

10/015,256 5 
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[0011] rOOl 11 In view of the foregoing and other problems, disadvantages, and 
drawbacks of the conventional database systems, the present invention has been devised, and it is 
an object of the present invention, to provide a structure and method for a new and improved 
database management system for security and authorization development tools- 

[0 0 12] [00121 In order to attain the object suggested above, there is provided, according 
to one aspect of the invention, a computer system executing a method for tracking custom 
computer application development profiles in a data processing system, wherein the computer 
system comprises a first database tool, a second database tool connected to the first database 
tool, a third database tool connected to the first and second database tools, a data bank connected 
to the first, second and third database tools, and a security and authorization interface connected 
to the data processing .system, 

[0013] |"00131 The first database tool comprises a first set of protocols which create and 
edit the profiles. The second database tool comprises a second set of protocols which gather 
requirements of the profiles. The third database tool comprises a third set of protocols which 
track modifications of the profiles. 

f6014} [00141 Moreover, the first database tonl comprises a security and authorization 
profile change request database which allows the authorization users and requesters the ability to 
view documented progress of their queries pertaining to the profiles. Furthermore, the second 
database tool comprises a profile requirement worksheet which identifies the data. Additionally, 
the second database tool further identifies authorization objects and field values of the profile 
requirement worksheet necessary to gather the requirements of the profiles. 

r00151 Finally, the third database tool comprises a Profile Matrix which comprises 
a data set. Also, the tliird database tool allows tracking capability of tasks required to gather and 
10/015,256 6 
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implement changes to the profiles- 

{MK>} £00 161 There are several benefits of the present invention. First, prior to the 
present invention, no system provides a method and system for tracking updates to changes in 
profiles of specifications required for software coding and development. Moreover, no other 
system or method provides a history of the updates and changes in a clear and concise manner, as 
does the present invention. Furthermore, the present invention significantly reduces cycle tunes 
and administrative costs in the auditing procedures synonymous with software development. 
Additionally, the present invention provides for a fully-documented database which aids in the 
internal auditing and control process. Finally, the present invention provides the ability to ensure 
that software development for a particular program or release is secure in terms of providing 
access to the development information (such as specifications, requirements, customized 
solutions, coding, programmers' comments, etc.) to only those individuals and entities absolutely 
required to have such information. 



BRIEF DESCRIPTION OF THE DRAWINGS 

BRIEF DESCRIPTION OF THE DRAWINGS 

10017] r0017] The foregoing and other objects, aspects and advantages will be better 
understood from the following detailed description of preferred embodiments of the invention 
with reference to the drawings, in which: 

{<MHS} [00181 Figure 1 is a system diagram illustrating a preferred embodiment of the 
present invention; 

t©0W} rOQl&l Figure 2 is a flow diagram illustrating a preferred method of the present 
JO/015,256 7 
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invention; 

10020] [00201 Figure 3 is a flow diugrnm illustrating a preferr e d method database system 
diagram according to an embodiment of the present invention; 

[0021] [00211 Figure 4 is a flow diagram illustrating a preferred method graphical 
illustration of the interrelation of the software of the present invention; and 

[00321 IQ022J Figure 5 is a system diagram illustrating a preferred embodiment of the 
present invention, 

DETAILED DE S CRIPTION OF PREFERRED 
EMBODIMENTS OF THE INVENTION 

DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS OF THE INVENTION 

{0033} r00231 As previously mentioned, there is a need for a new and improved database 
system to track software and hardware fulfillment and development progress, to track software 
and hardware fulfillment production, and to communicate any modifications of these operations - 
to user profiles as they pertain to new functional releases of software programs or other ongoing 
projects. 

{OffiM} [0024] The present invention and its tools solve problems related to tracking the 
status and progression of software program release-related development profiles. The various 
types of programs which the present invention and its tools can work with include virtually any 
type of computer software program, including custom applications and their development from 
release-to-release (i.e. the first version of a particular software to the nfh version of the 
10/015,256 8 
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software). The types of profiles which the present invention relates to includes end-user profiles 
such as tracking updates and problems, error consolidation and correction, and a status of the 
requests for updates, v 

[00251 Referring now to the drawings, and more particularly to Figures 1 through 
5, there are shown preferred embodiments of the method and structures according to the present 
invention. Specifically, in Figure 1 > a schematic diagram of the database system 20 is shown 
comprising a Profile Matrix 24, a Profile Requirement Worksheet tool 26, and a Security and 
Authorization Profile Change Request Database 28, all communicating together and collectively, 
and extracting data from a Profile Data Bank 22. A Security and Authorization Team interlace 
25 is further provided to allow access to the database system 20. This database design is 
different than conventional databases because the present invention provides a Security and 
Authorization Team interface 25. 

[0026] 1 00261 Figure 2 illustrates a preferred flow diagram illustrating a preferred method 
according to the present invention. The method for tracking custom computer application 
development profiles in a data processing system 20 comprises a step 30 of tracking 
modifications of the profiles with a first database tool 24. The method further comprises a step 
32 of gathering requirements of the profiles with a second database tool 26 and a step 34 of 
creating and editing the profiles with a third database tool 28. Moreover, the method comprises a 
step 36 of providing data to the first database tool 24, the second database tool 26, and the third 
database tool 28; and a step 38 of allowing security and authorization users access to the profiles. 
This methodology is different than conventional methodologies and data processing systems 
because the present invention provides a Security and Authorization Team interface 25 and 
allows security and authorization users to have access to the profiles. 
10/015,256 9 
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{0027} f00271 In the step 30 of tracking modifications of the profiles with a first database 
tool 24, the first databa.sc tool 24 comprises a Profile Matrix 24 wherein the Profile Matrix 24 
comprises a data set. Moreover, in the step 30 of tracking modifications of the profiles with a 
first database tool 24, the first database tool 24 allows for tracking capability of tasks required to 
gather and implement changes to the profiles. 

{0028} [0028) In the step 32 of gathering requirements of the profiles with a second 
database tool 26, the second database tool 26 comprises a profile requirement worksheet 26 
which identities the data. Additionally, in the step 32 of gathering requirements of the profiles 
with a second database tool 26, the second database tool 26 further identifies authorization 
objects and field values of the profile requirement worksheet 26 necessary to gather the 
requirements of the profiles. 

{0029} r00291 la the step 34 of creating and editing the profiles with a third database tool 
28, the third database tool 28 comprises a security and authorization profile change request 
database 28, which allows the authorization users and requesters the ability to view documented 
progress of queries of the profiles. 

{0030} [00301 In Figure 3, a general schematic diagram of the database system is shown 
according to the present invention wherein a control unit 50 provides instructions to an input 
interface 52, an output interface 54, the computer central processing unit 56, the storage and 
memory units 58, and die data processing system 60. Again, the present database system is 
different than conventional database systems because the present invention provides a data 
processing system 60 which communicates with a Security and Authorization Team interface 25 
(as seen in Figure 1 ). V 

{0031} f003t] In Figure 4, a graphical illustration of the interrelation of the software of 
10/015,256 10 
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the present invention is shown. Here, the operating system 69 interacts with the database 
management system 62 which provides selected data based on instructions provided by the query 
handler 64. A user interface 66 allows a user to input a desired query into the query handler 64 
which, upon receiving data from the database management system 62, outputs the results to a 
report writer 68. Again, the present database management system 62 is different than 
conventional database management systems because of the presence of a Security and 
Authorization Team interface 25 (as seen in Figure 1), 

[0032] [00321 In Figure 5, there is shown a system diagram according to the present 
invention, wherein a representative hardware environment for practicing the present invention is 
depicted as the diagram illustrates a typical hardware configuration of an information 
handling/computer system, in accordance with the subject invention, having at least one 
processor or central processing unit (CPU) 10. The CPUs 10 are interconnected via system bus 
12 to random access memory (RAM) 14, read-only memory (ROM) 16, an inputfoutput (I/O) 
adapter 18 for connecting peripheral device* such as disk units 1 1 and tape drives 13, to bus 12, 
user interface adapter 19 for connecting keyboard 15, mouse 17, speaker 103, microphone 104, 
and/or other user interface devices such as a touch screen device (not shown) to bus 12, 
communication adapter 105 for connecting the information handling system to a data processing 
network, and display adapter 101 for connecting bus 12 to display device 102. A program 
storage device readable by the disk or tape unit is used to load the instructions which operates on 
a wiring interconnect design which is also loaded onto the computer system. 

{0033} 100331 TTie present invention provides for an easily accessible Profile Summary 
Matrix tool 24 to allow for the ability to not only track the profile progress of projects currendy 
in development, but also for use in the production environment for company-specific internal 
10/015,256 11 
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control audits and certification reviews. Specifically, internal auditors use the Profile Summary 
Matrix tool 24 to review the status of the development of a particular release of software (i.e., 
first version to nth version of the software). Often, the review occurs after the software has been 
completed. The auditors verify whether the product specifications have been met, as well as 
verify that all other requirements of the software have been met. The auditors review the profiles 
generated throughout the development of the software and compare the final product (software) 
with the actual profile, which may include the specifications, in order to review the history of the 
development. This will show the auditor where updates or changes were made during the course 
of the development of the software. Furthermore, the auditors review the history to determine if 
there have been any breaches in security; that is, whether those individuals, such as end-users, 
arc duly authorized to iweive the software, coding, etc. 

[003 4 J 100341 Furthermore, the present invention provides for Profile Requirement 
Worksheets (and tool) (PRWs) 26 to identify the historical transaction, report and custom table 
development in relation to each of the release requirements* This is important because it 
provides another manner in which to review the history of the development of the software. 
Additionally, the PRWs identify specific business requirements (specifications) which the 
software must provide , 

f©035} [0035] Moreover, the present invention provides for a Security and Authorization 
(S&A) Profile Change Request Database 28 to allow users the ability to request modifications to 
current profiles and to track the progress of their requests. This is different than conventional 
relational databases or conventional workflow systems because the present S&A Profile Change 
Request Database 28 specifically determines whether breaches in security have occurred in all 
phases of the development of a software program. Also, the present database ensures that only 
10/015,256 12 
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those individuals or entities which have been identified by company-specific internal controls, 
who should have access to the software, will have access to the software. 

{m*\ fOQ361 Tn a preferred embodiment, the Profile Matrix 24 is a tool used to track 
new release modifications at a high level to the custom application profiles. The Profile Matrix 
24 contains Che profile description (user name), the profile name, development process team 
S&A representatives, the date the profile requirement worksheets (PRWs) 26 are delivered to the 
process team S&A representatives, the date the completed PRW 26 is returned to the 
development S&A team, and a comment indicating whether there are changes to existing profiles 
or whether a new profile is required. The Profile Matrix 24 compiles the data entered into the 
matrix using internal database compilers, such as those known in the art, or the data may be 
compiled by manual data entry. The data is compiled on an ongoing basis and varies depending 
on the needs of the developers or end-users. Specifically, the data may be compiled only once 
during the development of the software or continuously to reflect any updates or changes which 
occur during the developmental phase of the software, 

{00594- [00371 Furthermore, the Profile Matrix 24 comprises oilier data such as the date 
that the development S&A team has updated their documents, the date the development S&A 
team forwarded the PR Ws 26 to the deployment S&A representative and, finally, a column for 
high-level statements of the alterations. The S&A representatives and team are responsible for 
ensuring that breaches in security do not or have not occurred and, if they have occurred, what 
contingencies are necessary to overt further problems. Furthermore, the S&A representatives 
and team are responsible for identifying those individuals and entities who are allowed to have 
access to the software, coding, specifications, etc. 

(0038} [00381 The Profile Matrix tool 24 further allows for the tracking capability of the 
10/015,256 13 
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tasks required to gather and implement changes to the profiles. The Profile Matrix 24 identifies 
each profile. Furthermore, the Profile Matrix 24 identifies how each profile relates to a specific 
business unit; i.e., financing, billing, operations, distribution, etc. The profiles, however, 
categorize processes and provide full detail of all of the authorization required for an end user to 
cany out a particular task or transaction. For example, the profiles may identify a billing process 
or procedure which a particular software program may implement. 

1*0*9} r0039] The profiles identify this process in as much or as little detail as is required 
by the program specifications and requirements. Additionally, the profiles may change 
depending upon changes in the program specifications and requirements. The Profile Matrix 24 
continuously tracks the changes to the profiles and maintains these changes on a release to 
release basis. For example, once a change to a profile occurs in the first version of a particular 
software program, the Profile Matrix 24 maintains the change for all subsequent versions (up to 
the nth version); i.e., release-to-rclcase. 

10040} r004Q] As mentioned, the present invention provides for a Profile Requirement 
Worksheet (PRW) 26. The PRW 26 is a tool used by S&A teams to gather requirements 
regarding release requirements to profiles. It allows the S&A development team to identify the 
release name, the development process team S&A representative, the profile name and a 
description of the role of the end user. This is important because it compiles the data for the 
auditors in an easy to understand and unified form, thereby reducing administralive costs and 
cycle times. 

f004i} r0Q41f The development process learn S&A representative is responsible for 
filling out the first section of the form, indicating any additional transactions to the profiles and 
their associated scripts, hierarchical changes (information-specific to the geography using the 
10/015,256 14 
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profile), report changes, custom-designed tables released and a general comments section. 

{0042} [0042] The second section of the form is used by the development S&A team to 
identify authorization objects and field values required to perform the transactions, etc., which 
are included on the lira page of the form. The development S&A team then forwards the 
completed form to, the programming team to make the requested changes. There is also a section 
to place comments regarding the release, 

{0043} r00431 Additionally, the Profile Data Bank 22 provides data, as well as provides a 
secondary storage of the data found in the Profile Matrix Tool 24, Profile Requirement 
Worksheet Tool 26, and S&A Profile change Request Database 28. The S&A team 
communicates with the Profile Matrix Tool 24, the Profile Requirement Worksheet Tool 26 and 
the S&A Profile Change Request Database 28 with a S&A Team Interface 25, which may 
include conventional interface tools such as computer keyboards, a mouse, voice recognition 
software, other communications tools, or other types of interface tools. 

{0044} 100441 As mentioned, the present invention provides for a S&A Profile Change 
Request Database 28 which can be used when there is a need to make changes to an existing 
custom application profile, or if there is a requirement to create a new profile. Personnel can be 
assigned as approvers for the process owner, development S&A, auditors, among other coding 
teams, as well as the proxy approval personnel can be designated/maintained by the S&A 
development team. The database allows requesters of the data the ability to view documented 
progress on their requests, 

100451 Moreover, as previously mentioned, this is different than conventional 
relational databases or conventional workflow systems because the present S&A Profile Change 

4 

Request Database 28 specifically determines whether breaches in security have occurred in all 
10/015,256 15 
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phases of the development of a software program. Also, the present database ensures that only 
those individuals or entities which have been identified by company-specific internal controls, 
who should have access to the software, will have access to the software. 

{0046} [0046] There are several benefits of the present invention. First, prior to the 
present invention, no system provided a method and system for tracking updates to changes in 
profiles of specifications required for software coding and development. Moreover, no other 
systems or methods provided a history of the updates and change* in such a clear and concise 
manner as does the present invention. Furthermore, the present invention significantly reduces 
cycle times and administrative costs in the auditing procedures synonymous with software 
development. Additionally, the present invention provides for a fully documented database 
which aids in the internal auditing and control process. Finally, the present invention provides 
the ability to ensure that software development for a particular program or release is secure in 
terms of providing access to the development information (such as specifications, requirements, 
customized solutions, coding, programmers* comments, etc.) to only those individuals and 
entities absolutely required to have such information. 

[00 4 7] [0047] While the invention has been described in terms of preferred embodiments, 
those skilled in the art will recognize that the invention can be practiced with modification within 
the spirit and scope of the appended claims. 
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